Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-build for openSUSE:Factory checked in at 2023-05-19 11:55:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-build (Old) and /work/SRC/openSUSE:Factory/.python-build.new.1533 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-build" Fri May 19 11:55:08 2023 rev:9 rq:1085246 version:0.10.0 Changes: --------
--- /work/SRC/openSUSE:Factory/python-build/python-build.changes 2023-04-22 22:02:45.906043174 +0200
+++ /work/SRC/openSUSE:Factory/.python-build.new.1533/python-build.changes 2023-05-19 11:55:29.779254558 +0200
@@ -1,0 +2,23 @@
+Sat May 6 16:59:52 UTC 2023 - Matej Cepl <mc...@suse.com>
+
+- Renamed patches support-pip-23.patch and
+ support-tarfile-data-filter.patch to 589-colorized-pip23.patch
+ and 609-filter-out-malicious.patch, respectively.
+
+-------------------------------------------------------------------
+Tue May 2 10:52:23 UTC 2023 - Ben Greiner <c...@bnavigator.de>
+
+- Remove support-tarfile-data-filter.patch: better documentation
+ required, preferable supported through upstream
+ * gh#pypa/build#609
+ * ignore the DeprecationWarning instead
+
+-------------------------------------------------------------------
+Tue May 2 08:04:24 UTC 2023 - Steve Kowalik <steven.kowa...@suse.com>
+
+- Add patch support-pip-23.patch:
+ * pip 23 also colorizes output, confusing the test.
+- Add patch support-tarfile-data-filter.patch:
+ * Set tarfile.data_filter if available.
+
+-------------------------------------------------------------------
New: ---- 589-colorized-pip23.patch 609-filter-out-malicious.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-build.spec ++++++
--- /var/tmp/diff_new_pack.uQaY8N/_old 2023-05-19 11:55:32.415269645 +0200
+++ /var/tmp/diff_new_pack.uQaY8N/_new 2023-05-19 11:55:32.483270034 +0200
@@ -27,20 +27,24 @@ # wheeldir of name build does not work well with this packagename gh#openSUSE/python-rpm-macros#157 %define _pyproject_wheeldir distwheel -%define skip_python2 1 %{?sle15_python_module_pythons} Name: python-build%{psuffix} Version: 0.10.0 Release: 0 Summary: Simple PEP517 package builder License: MIT -Group: Development/Languages/Python URL: https://github.com/pypa/build Source0: https://github.com/pypa/build/archive/%{version}.tar.gz#/build-%{version}.tar.gz # Needs the wheels for wheel, flit-core, pytoml, and tomli for testing Source10: https://files.pythonhosted.org/packages/py2.py3/w/wheel/wheel-0.37.1-py2.py3-none-any.whl Source11: https://files.pythonhosted.org/packages/py3/f/flit-core/flit_core-3.8.0-py3-none-any.whl Source12: https://files.pythonhosted.org/packages/py3/t/tomli/tomli-2.0.1-py3-none-any.whl +# PATCH-FIX-UPSTREAM 589-colorized-pip23.patch gh#pypa/build#587 mc...@suse.com +# Different style of colouring in pip 23 (actually I see it even with pip 22) +Patch0: 589-colorized-pip23.patch +# PATCH-FIX-UPSTREAM 609-filter-out-malicious.patch gh#pypa/build!609 mc...@suse.com +# With new tarfile filters, there is now new warning +Patch1: 609-filter-out-malicious.patch BuildRequires: %{python_module base >= 3.7} BuildRequires: %{python_module flit-core >= 3.4} BuildRequires: %{python_module pip} @@ -75,6 +79,8 @@ %prep %autosetup -p1 -n build-%{version} +# until we have gh#pypa/build#609 +sed -i '/"error",/ a \ "ignore::DeprecationWarning:tarfile",' pyproject.toml %if !%{with test} %build @@ -92,7 +98,7 @@ cp %{SOURCE10} %{SOURCE11} %{SOURCE12} wheels/ export PIP_FIND_LINKS="%{python3_sitelib}/../wheels $PWD/wheels" pushd tests -%pytest -n auto -x +%pytest -n auto popd %endif @@ -108,7 +114,7 @@ %license LICENSE %python_alternative %{_bindir}/pyproject-build %{python_sitelib}/build -%{python_sitelib}/build-%{version}*-info +%{python_sitelib}/build-%{version}.dist-info %endif %changelog ++++++ 589-colorized-pip23.patch ++++++ 
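Review bot: The `sed` added to `%prep` makes pytest ignore every DeprecationWarning raised from the `tarfile` module, and its comment `# until we have gh#pypa/build#609` contradicts the first hunk, which adds `Patch1: 609-filter-out-malicious.patch` for `%autosetup -p1` to apply. The warning being hidden is the one that reports an extraction without a filter, so with it ignored the test run can no longer notice if the filter from Patch1 stops being set. Either drop the `sed`, or change the comment to say why it is kept alongside Patch1. The `sed` also exits successfully when `"error",` is not found in pyproject.toml, so a following `grep -q 'ignore::DeprecationWarning:tarfile' pyproject.toml` would make a silent no-op visible. The Patch1 comment `# With new tarfile filters, there is now new warning` should also say that the patch changes how the sdist is extracted, not only that it addresses a warning.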
>From 4f5362fccc908820574fdbac2f6b6871c0f371c5 Mon Sep 17 00:00:00 2001 From: Henry Schreiner <henryschreiner...@gmail.com> Date: Wed, 15 Mar 2023 09:33:53 -0400 Subject: [PATCH] tests: strip formatting from stderr (pip 23) Signed-off-by: Henry Schreiner <henryschreiner...@gmail.com> --- tests/test_main.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/test_main.py b/tests/test_main.py index e924d8bd..456ff749 100644 --- a/tests/test_main.py +++ b/tests/test_main.py @@ -20,6 +20,8 @@ cwd = os.getcwd() out = os.path.join(cwd, 'dist') +ANSI_STRIP = re.compile(r'\x1B(?:[@-Z\\-_]|\[[0-?]*[ -/]*[@-~])') + @pytest.mark.parametrize( ('cli_args', 'build_args', 'hook'), @@ -368,8 +370,10 @@ def test_output_env_subprocess_error( assert stdout[:4] == stdout_body assert stdout[-1].startswith(stdout_error) - assert len(stderr) == 1 - assert stderr[0].startswith('ERROR: Invalid requirement: ') + # Newer versions of pip also color stderr - strip them if present + cleaned_stderr = ANSI_STRIP.sub('', '\n'.join(stderr)).strip() + assert len(cleaned_stderr.splitlines()) == 1 + assert cleaned_stderr.startswith('ERROR: Invalid requirement: ') @pytest.mark.parametrize( ++++++ 609-filter-out-malicious.patch ++++++ >From 083fde33e7593d8ff9add04bd4d237a3ddcbfe44 Mon Sep 17 00:00:00 2001 From: layday <lay...@protonmail.com> Date: Fri, 28 Apr 2023 15:22:53 +0300 Subject: [PATCH] main: filter out malicious files when extracting tar archives See https://peps.python.org/pep-0706/. --- src/build/__main__.py | 5 +++-- src/build/util.py | 14 +++++++++++++- 2 files changed, 16 insertions(+), 3 deletions(-) --- a/src/build/__main__.py +++ b/src/build/__main__.py @@ -9,7 +9,6 @@ import platform import shutil import subprocess import sys -import tarfile import tempfile import textwrap import traceback 
@@ -228,6 +227,8 @@ def build_package_via_sdist( :param isolation: Isolate the build in a separate environment :param skip_dependency_check: Do not perform the dependency check """ + from .util import TarFile + if 'sdist' in distributions: raise ValueError('Only binary distributions are allowed but sdist was specified') @@ -238,7 +239,7 @@ def build_package_via_sdist( sdist_out = tempfile.mkdtemp(prefix='build-via-sdist-') built: list[str] = [] # extract sdist - with tarfile.open(sdist) as t: + with TarFile.open(sdist) as t: t.extractall(sdist_out) try: builder = _ProjectBuilder(os.path.join(sdist_out, sdist_name[: -len('.tar.gz')])) --- a/src/build/util.py +++ b/src/build/util.py @@ -5,6 +5,7 @@ from __future__ import annotations import os import pathlib import sys +import tarfile import tempfile import pyproject_hooks @@ -56,6 +57,17 @@ def project_wheel_metadata( return _project_wheel_metadata(builder) +# Per https://peps.python.org/pep-0706/, the "data" filter will become +# the default in Python 3.14. +if sys.version_info >= (3, 12) and sys.version_info < (3, 14): + + class TarFile(tarfile.TarFile): + extraction_filter = tarfile.data_filter + +else: + TarFile = tarfile.TarFile + + __all__ = [ - 'project_wheel_metadata', + 'project_wheel_metadata', 'TarFile', ]
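Review bot: The gate `if sys.version_info >= (3, 12) and sys.version_info < (3, 14):` in src/build/util.py leaves `TarFile = tarfile.TarFile` on every interpreter below 3.12, so `t.extractall(sdist_out)` in `build_package_via_sdist` runs with no extraction filter there. PEP 706, which the commit message links, also describes the filters being backported to security releases of older Python versions, where `tarfile.data_filter` exists but is not the default; a feature check covers those, `if hasattr(tarfile, 'data_filter'):` in place of the version comparison. Setting the attribute on 3.14 and later would be harmless, since it matches the default the added comment describes. `TarFile` is also added to `__all__`, which turns a compatibility shim into a public name of `build.util`; naming it `_TarFile` and leaving `__all__` unchanged would keep it internal. The body of `build_package_via_sdist` continues outside the hunk.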